Mobile

Samsung details February 2019 security patch

Samsung has detailed the security patch details for February 2019, which fixes the different level of exploits and issues within Samsung phones.

There are issues with the operating system, kernel patches, and driver updates may not affect any particular device, but need to be fixed in the Android operating system covered by monthly updates.

Samsung is releasing a maintenance release for its flagship models as part of monthly Security Maintenance Release (SMR) process.



This SMR package includes patches from Google and Samsung, providing fixes to 12 Samsung Vulnerabilities and Exposures (SVE) items, some of them are followings:

Heap overflow in Baseband:

Severity – Critical
Vulnerability – A possible heap overflow vulnerability in baseband may cause memory issues.
Fix – The patch adds length check code in the baseband.

Stack overflow in Baseband:

Severity – Critical
Vulnerability – A possible stack overflow vulnerability in baseband allows arbitrary code execution.
Fix – The patch adds length check code in the baseband.

Possible uninitialized memory disclosure in Gallery:

Severity – Low
Vulnerability – A vulnerability in the library that parses the images exposes memory when opening images via Gallery app.
Fix – The patch addresses the memory exposure in Gallery app.

Keyboard learned words are leaked on the lock screen via S-Voice:

Severity – Moderate
Vulnerability – A vulnerability in Keyboard allows access to learned words via S-Voice in the locked state.
Fix – The patch blocks access to Keyboard’s learned words in the lock screen.

Information disclosure in the ion debugfs driver:

Severity – Low
Vulnerability – A possible information leak vulnerability exists in the ion debugfs driver.
Fix – The patch prevents output of kernel driver in the kernel log.



Comments
To Top